SoylentNews is people
SoylentNews
The Linux Homefront Project reports on Lennart Poettering looking to do away with the good old "su" command. From the article, "With this pull request systemd now support a su command functional and can create privileged sessions, that are fully isolated from the original session. Su is a classic UNIX command and used more than 30 years. Why su is bad? Lennart Poettering says:"
Well, there have been long discussions about this, but the problem is that what su is supposed to do is very unclear. On one hand it’s supposed to open a new session and change a number of execution context parameters (uid, gid, env, …), and on the other it’s supposed to inherit a lot concepts from the originating session (tty, cgroup, audit, …). Since this is so weakly defined it’s a really weird mix&match of old and new paramters. To keep this somewhat managable we decided to only switch the absolute minimum over, and that excludes XDG_RUNTIME_DIR, specifically because XDG_RUNTIME_DIR is actually bound to the session/audit runtime and those we do not transition. Instead we simply unset it.
Long story short: su is really a broken concept. It will given you kind of a shell, and it’s fine to use it for that, but it’s not a full login, and shouldn’t be mistaken for one.
I'm guessing that Devuan won't be getting rid of "su."
(Score: 5, Interesting) by hemocyanin on Monday August 31 2015, @04:42PM
If you want a full login, wouldn't you just log in as the other user you want to log in as? But aside from that, and I'll be honest, I wasn't totally following the first quoted paragraph, it sounds like poetteringSU will carry over less of the regular login session. So wouldn't that make it even less of a full login than su is?
Most of the time when I su as another user, it's just to do a specific little thing. I know I'm not everyone though -- is the lack of whatever Poettering perceives as missing from su actually a deficiency? Or is this just another excuse to gut something because it has been around for a long time.
(Score: 4, Informative) by WillR on Monday August 31 2015, @04:58PM
If you want a full login, wouldn't you just log in as the other user you want to log in as?
Because if you're Doing It Right(tm) according to the many Linux hardening guides, you're not allowing logins as root. You have to log in as an unprivileged user, then su or sudo -i to a root shell.
(Score: 0) by Anonymous Coward on Monday August 31 2015, @08:20PM
Why don't we have the bastille linux hardening script anymore.
Why is EVERYTHING good gone?
It stopped working sometime in Wheezy, TCL error, can't track it down, doesn't apply any changes.
(Score: 1) by WillR on Tuesday September 01 2015, @05:16PM
The same PC was allowed with no modification when it was running Win95. Even today, there still isn't a facepalm image big enough for that policy...
(Score: 5, Insightful) by Joe Desertrat on Monday August 31 2015, @05:05PM
Or is this just another excuse to gut something because it has been around for a long time.
Probably this. Everyone uses su and has used it likely for a long time. There have been no reported problems with people using it. It seems the intent is to turn Linux into Lindows.
(Score: 5, Insightful) by Hairyfeet on Monday August 31 2015, @11:58PM
Actually Lindows was a full OS, whether you cared for its design or not. With Poettering its pretty clear the intent is to turn Linux into just a crippled VM running on top of a cloud connected SystemD, which considering Red Hat's push for cloud computing? Really not surprising.
What is interesting to me is just how little control the Linux users have when it comes to corporate takeover. Like it or not Windows 10 was a response to Windows user simply refusing to take the "supergigantic smartphone" design of Windows 8/ 8.1 but when Linux users said "We don't want this" when it came to systemd? They were told to fuck right off, even Debian ignored their "users first" charter to tell the users "too bad so sad".
So I'd say like it or not Red Hat is calling the shots now and they have made it clear that they just do not give 2 shits about end users and without the power of voting with their wallet? Really not much end users can do. Sure there is the fork Devuuan but how long will they be able to last without a thousandth of the budget of even Ubuntu? A year? Two? this is why I've argued "free as in beer" is a bad idea, the power of voting with your wallet is the way end users can force change and without it? Well as we have seen any corp willing to throw around enough $$$ can pretty much just take over the whole show, you either go along or they end up with more and more critical components tied into their "solution" to the point its just no longer feasible to fight against them.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 3, Insightful) by Joe Desertrat on Wednesday September 02 2015, @04:04AM
Actually Lindows was a full OS, whether you cared for its design or not.
Lindows was actually the first Linux distribution I installed (Knoppix was the first I tried). In retrospect I suppose, in a way, it was ahead of its time, it had an app store long before anyone else, but after a couple days I decided to try something different and ended up with Mandrake.
...this is why I've argued "free as in beer" is a bad idea, the power of voting with your wallet is the way end users can force change and without it? Well as we have seen any corp willing to throw around enough $$$ can pretty much just take over the whole show,...
The problem with not having "free as in beer" is that the alternative is a Microsoft or an Apple, or something tending towards them, which is what most users switching to Linux were fleeing in the first place. If systemd becomes too onerous I'll keep trying other distributions, if Linux becomes nothing but a systemd O/S I'll try one of the BSD's. Thankfully, with "free as in beer", I'll still have choices, at least for a while.
(Score: 2, Insightful) by caseih on Tuesday September 01 2015, @04:09AM
And su is still there and you can still use it. Nothing in the article suggests that a new su binary based on systemd is being introduced. This is machinectl functionality they are talking about here, people. It does not replace the /bin/su binary in any way, though you could use machinectl instead of su if you wanted to (probably with a alias or script since typing machinectl is a pain). I'm sure the GNU project will maintain su for some time.
Let's stop the FUD here.
(Score: 2, Insightful) by Anonymous Coward on Tuesday September 01 2015, @08:27AM
They started out claiming the same about all the other things they assimilated. Then the systemd version became required, followed by intentionally breaking support for the Unix(R) way.
As it stands, you either run a systemd-free distro such as Slackware or Gentoo, or you run full scale Potterix.
(Score: 0) by Anonymous Coward on Tuesday September 01 2015, @09:03AM
I like that term. It clearly tells how much it has deviated from the Linux way. Just as we don't usually call Android Linux, despite it being based on the Linux kernel, we also should not use that term on distributions based on systemd.
Maybe Linus should deny the use of the trademark "Linux" on systemd distributions.
(Score: 0, Troll) by Eunuchswear on Tuesday September 01 2015, @01:27PM
As in what, for example?
My systemd boxes are all running ntpd, syslogd and inetd. Just because systemd provides similar functions doesn't mean you can't use others.
Watch this Heartland Institute video [youtube.com]
(Score: 0, Troll) by Eunuchswear on Saturday September 05 2015, @08:17AM
So the systemd haters want to turn soylentnews into slashdot.
In what way was my comment a troll? Is simply not disliking systemd called trolling now?
Watch this Heartland Institute video [youtube.com]
(Score: 5, Informative) by linuxrocks123 on Monday August 31 2015, @05:50PM
Long story short: su is really a broken concept. It will given you kind of a shell, and it’s fine to use it for that, but it’s not a full login, and shouldn’t be mistaken for one.
If you want a login shell with su, you say "su - username" instead of "su username". "su username" gives you "kind of a shell" while "su - username" gives you the shell with the environment set up and the scripts run as in a full login.
But if Poettering actually looked at the man pages for commands before deciding that everyone has been doing it wrong for 40 years, the old way is "broken", and he can do better because he's a genius and his poop doesn't stick, he wouldn't be Poettering.
(Score: 5, Funny) by Anonymous Coward on Monday August 31 2015, @06:29PM
I thought his sticky poop was the main component of systemd.
(Score: 1) by drgibbon on Monday August 31 2015, @10:37PM
Yes and just "su -" for a root login shell.
Certified Soylent Fresh!
(Score: 1) by Eunuchswear on Tuesday September 01 2015, @01:44PM
And if you read the original bug report [github.com] you'll find that that doesn't work -- "su - root" does not give the same environment as logging in as root (the XDG_RUNTIME_DIR environment variable is not set up).
Poettering, correctly, refused to modify the behaviour of su (it does what it the man page says it should) and provided a new command to do what the users wanted done.
Because everyone "knows" that systemd developers always reply WONTFIX to bug reports, right?
Watch this Heartland Institute video [youtube.com]
(Score: 3, Insightful) by linuxrocks123 on Tuesday September 01 2015, @06:50PM
XDG_ORIFICE_EXCRETA didn't even exist until about 30 years after su was coded, so its behavior regarding that nonsense couldn't have been part of its original documentation. If Red Hat changed its behavior, the bug is theirs, not su's. All my Slackware man page for su says is that su - should "provide an environment similar to what the user would expect had the user logged in directly." It appears to do that in Slackware, although I did have an XDG_SESSION_COOKIE variable in my login shell that was not in my "su -" shell. Uninstalling the third-party PAM crap I'd inflicted upon my system at one point to try out otpw fixed that by getting rid of XDG_SESSION_COOKIE entirely. Still not sure how or why PAM wanted to give me an XDG cookie.
(Score: 1) by Eunuchswear on Wednesday September 02 2015, @09:43AM
So you'd rather they changed the way su worked.
Why am I guessing you'd have bitched about that if they did?
Watch this Heartland Institute video [youtube.com]
(Score: 2) by linuxrocks123 on Wednesday September 02 2015, @10:04AM
Whatever problem they are having is a Red Hat distro-specific issue, not a general issue with the su command, since the issue does not exist in Slackware. Creating a new command in a distro-agnostic software system like systemd to solve a parochial problem like that is inappropriate.
Since they appear to have painted themselves into a corner by introducing a bug in their su behavior that their customers came to rely on, most likely they should have just patched su with a new flag indicating "no, really, give me a new session, not the old buggy behavior" and been done with it.
(Score: 0) by Anonymous Coward on Wednesday September 02 2015, @02:48PM
What is Systemd is not distro-agnostic, but distro-mutating? Meaning that every distro that adopts systemd ends up mutating into some RHEL/Fedora clone?
(Score: 1, Informative) by Anonymous Coward on Thursday September 03 2015, @03:35PM
The reason that variable was not set was because of a certain systemd pam module.
Because apparently setting it to the proper dir (as was done before systemd, iirc) would break their session tracking voodoo.
Ergo, su didn't break anything. Poettering's systemd basically created a strawman situation that allowed Poettering to poo poo all over some very tested by time unix functionality.
(Score: 0) by Anonymous Coward on Tuesday September 01 2015, @01:07AM
Bingo. In the world inhabited by idiot savants like LP, if it is old, it must be replaced, because clearly it is no good.
Never mind it has stood the test of time.
(Score: 0) by Anonymous Coward on Tuesday September 01 2015, @08:25AM
No, I want a log saying *who* was logged on as root, and when. Both su and sudo give you that, allowing root logins does not.